[strongSwan] issue found in strongswan-5.0.1dr4 (and then found in 5.0.1rc1)

Robert Lee rleeatgm at gmail.com
Mon Oct 1 07:57:29 CEST 2012


Dear Martin or other SS developers,

The new 5.0.1rc1 is able to assign both IPv4 and IPv6 addresses for the
single tunnel, and the IPv4 routing (both directions) over the tunnel is
also working fine. However, the IPv6 routing is not working from server to
client:

When ping6 from client to server, tcpdump showed messages being sent over
the tunnel to the server, but there was no returning message.

When ping6 from server to client, following error showed up in the server
log, and the tcpdump did not show any messages being sent over the tunnel
to the client:

charon: 00[DMN] Starting IKE charon daemon (strongSwan 5.0.1rc1, Linux
2.6.18-238.el5, x86_64)
charon: 08[IKE] CHILD_SA client_1{1} established with SPIs cc682e39_i
cb346471_o and TS 10.10.10.0/24 fec1::/64 === 10.10.10.1/32 fec1::1/128
........
charon: 02[KNL] creating acquire job for policy fec1::2/128[udp/59080] ===
fec1::1/128[udp/1025] with reqid {1}
charon: 10[CFG] trap not found, unable to acquire reqid 1

Server's ipsec.conf:
conn client
        leftsubnet=10.10.10.0/24,fec1::0/64
        rightsourceip=10.10.10.1,fec1::1/64

Client's ipsec.conf
        leftsourceip=%config4,%config6
        rightsubnet=10.10.10.0/24,fec1::0/64

Thank you!
Robert


 On Mon, Sep 24, 2012 at 12:45 AM, Martin Willi <martin at strongswan.org>wrote:

> Hi Robert,
>
> > When assigning IPv4 and IPv6 addresses for the single tunnel, client
> > gets both VPN addresses, IPv4 routing is working fine, but there is no
> > IPv6 routing/traffic over the tunnel.
>
> I think this bug has been fixed with [1], the release candidate at [2]
> should support dual IPv4/IPv6 selectors when requesting multiple IPs. A
> corresponding test case is available at [3].
>
> Regards
> Martin
>
> [1]http://git.strongswan.org/?p=strongswan.git;a=commitdiff;h=7ee37114
> [2]http://download.strongswan.org/strongswan-5.0.1rc1.tar.bz2
> [3]http://www.strongswan.org/uml/testresults5rc/ikev2/ip-two-pools-v4v6/
>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.strongswan.org/pipermail/users/attachments/20120930/678b300b/attachment.html>


More information about the Users mailing list